Unfortunately for today’s businesses, email continues to be the hacker’s favored attack vector, primarily because users–even those who have undergone training and should know better–continue to click on innocent- or official-looking, but highly dangerous, links and attachments. Right now, about 85% of all malicious emails have a .DOC, .XLS, .PDF, .ZIP, or .7Z attached, according to Finnish security provider F-Secure, with 92% of all malware attacks occurring through email. All that to say this: locking down secure email practices (and locking out cybercrooks) remains one of the most important and effective defensive strategies you can employ.
For most companies, securing email begins with defining and enforcing password-hygiene best practices, and training employees to spot and report suspicious-looking messages. While this is a great start, more proactive business leaders will take it a step further (several steps, in fact) by asking their in-house IT pro or IT Managed Service Provider (MSP) whether (and which) other proven preventive measures should be included in their mix. These examples, covered by security experts at WeLiveSecurity.com, might help you begin the conversation:
1) Email authorization and authentication. When core email protocols lack proper authentication techniques, email ‘spoofing’ (or faking) is trivially easy for crooks to pull off. Spoofing occurs when hackers forge or fake a sender’s address and/or identity, and pose as someone else to look legitimate. Their goal is to trick recipients into doing or divulging something that grants them access to your networks. The big question for your team is whether you’re doing enough in this area (and in those that follow).
2) Account protection. If not already in use at your company, it makes sense to also better understand the pros and cons of multi-factor authentication (MFA). Rather than relying on a single ‘factor,’ such as a username and password, to grant system access, MFA requires a second factor as well, oftentimes a one-time ‘key’ that is sent to the requesting user by text or email. MFA can tie directly to the email app’s login process or to the network login, depending on your particular risk profile. A Managed Service Provider like TeamLogicIT Plano or a security pro can help with all of this.
3) Validating and securing content. Identifying the best approach in this area will center on what level of protection and encryption (if any) best suits your company’s needs. It’s also a good idea for your team to understand how much ‘filtering’ is being applied to your company email, and whether current attachment-type restrictions provide adequate protection.
4) Software updates. Regular patching and updating is a basic best practice for any and all applications, including your operating system, browser and browser extensions, and the email program itself. This one step alone can reduce your security exposure significantly. While you’re discussing general email practices with your provider or team, it wouldn’t hurt to assess your practices in this area, too.
If you’re not certain about the strength or resilience of your company’s email security, contact the security experts at TeamLogic IT Plano today at 469.573.3743.
A strong password policy is essential. But in today’s environment, it’s only a small piece of a much bigger picture.
Mohammad (Mo) Nilforoushan is a trusted Technology Advisor in North Dallas who earned his BSEE from Cleveland State University and an MS in Solid State Physics from Bowling Green State University. He has worked as a Product and Test Engineering Manager for 15 years with RCA/Harris, Dallas Semiconductor and Texas Instruments. He was also Director of Operations at Microtune Inc. between 2002 and 2015. Mo started his own company, “TeamLogicIT Plano,” in 2015 with a mission to deliver excellent Managed IT Services in Dallas and Plano, TX with innovation and updated technology. The TeamLogicIT Plano team, which includes his wife Kathleen Stewart (marketing/sales), provides excellent IT Support, Computer Services, Cloud Computing, Backup, and Disaster Recovery, with second-to-none customer service. Call us at (469) 573-3743 or contact our email [email protected].